[Build-common-hackers] Bug#833783: cdbs: please invoke perl build processes with -I. [CVE-2016-1238]

Dominic Hargreaves dom at earth.li
Mon Aug 8 15:50:16 UTC 2016

Package: cdbs
Version: 0.4.142
Severity: serious
Justification: https://lists.debian.org/debian-release/2016/07/msg00476.html
User: debian-perl at lists.debian.org
Usertags: perl-cwd-inc-removal

As per the referenced thread, we are going to remove '.' from @INC,
the perl module search path, by default, shortly. Please can you apply
something like the attached patches (which were uploaded as a security
update 0.4.130+deb8u1) at your earliest convenience? This will fix
a substantial number of FTBFS bugs resulting from such a change.

The attachments are from my local git repository which I used to 
prepare the jessie-security update, to import into the official repo
should you wish. This should make merging/cherry-picking easier.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Invoke-Makefile.PL-and-Build.PL-with-perl-I.-as-part.patch
Type: text/x-diff
Size: 2925 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20160808/e7a4b5eb/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-releasing-package-cdbs-version-0.4.130-deb8u1.patch
Type: text/x-diff
Size: 872 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20160808/e7a4b5eb/attachment-0001.patch>

More information about the Build-common-hackers mailing list